Squiz Matrix  4.12.2
 All Data Structures Namespaces Functions Variables Pages
paypal_payment_button.inc
1 <?php
17 require_once SQ_CORE_PACKAGE_PATH.'/page/page.inc';
18 
30 class Paypal_Payment_Button extends Page
31 {
32 
38  public static $CUSTOM_PARAM_SPLIT_STR = '::';
39 
40 
46  private static $_post_url = Array(
47  'live' => 'https://www.paypal.com/cgi-bin/webscr',
48  'sandbox' => 'https://www.sandbox.paypal.com/cgi-bin/webscr',
49  );
50 
57  function __construct($assetid=0)
58  {
59  parent::__construct($assetid);
60 
61  }//end constructor
62 
63 
72  public function printBody()
73  {
74  $paypal_config_id = $this->attr('paypal_config_id');
75  if (empty($paypal_config_id)) {
76  trigger_error('Paypal Configuration is not specified for this asset.', E_USER_WARNING);
77  return;
78  }
79 
80  $paypal_config = $GLOBALS['SQ_SYSTEM']->am->getAsset($paypal_config_id);
81  require_once $paypal_config->attr('encryption_lib_path');
82 
83  $paypal_account_id = $this->attr('paypal_account_id');
84  if (empty($paypal_account_id)) {
85  trigger_error('Paypal Business Account is not specified for this asset.', E_USER_WARNING);
86  return;
87  }
88 
89  $paypal_account = $GLOBALS['SQ_SYSTEM']->am->getAsset($paypal_account_id);
90 
91  //gather button's data
92  $data = $this->_concatButtonData($paypal_config, $paypal_account);
93 
94  $encryptedButton = PPCrypto::signAndEncrypt($data, $paypal_account->attr('public_cert_path'), $paypal_account->attr('private_key_path'), '', $paypal_account->attr('paypal_cert_path'));
95 
96  if (!$encryptedButton['status']) {
97  trigger_error('FAIL TO ENCRYPT BUTTON. ERROR: '.$encryptedButton['error_msg'], E_USER_WARNING);
98  return;
99  }
100 
101  $post_url = self::$_post_url[$paypal_account->attr('account_type')];
102 
103  $target = '';
104  if (($this->attr('button_type') == '_cart') || ($this->attr('button_type') == '_view_cart')) {
105  $target = 'target="'.$this->attr('cart_target_window').'"';
106  }
107 
108  $content = <<<HEREDOC
109 <form $target action="{$post_url}" method="post">
110  <input type="hidden" name="cmd" value="_s-xclick">
111  <input type="hidden" name="encrypted" value="-----BEGIN PKCS7-----{$encryptedButton['encryptedData']}-----END PKCS7-----">
112  <input type="image" src="{$this->attr('image_url')}" border="0" name="submit" alt="Paypal payment button">
113 </form>
114 HEREDOC;
115 
116  echo $content;
117 
118  }//end printBody()
119 
120 
121  /*
122  * Concatenate the payment button data that need to be encrypted
123  *
124  * @return string The concatenated string of all the button data
125  * @access private
126  */
127  private function _concatButtonData($paypal_config, $paypal_business_account)
128  {
129  //concat the content of this payment button
130  $cmd = $this->attr('button_type');
131  if ($cmd == '_view_cart') {
132  $cmd = '_cart';
133  }
134 
135  $data = 'cmd='.$cmd."\n";
136 
137  if ($cmd == '_cart') {
138  if ($this->attr('button_type') == '_cart') {
139  $data .= 'add=1'."\n";
140  } else {
141  $data .= 'display=1'."\n";
142  }
143  //add shopping URL if it exists
144  $shopping_url = trim($this->attr('shopping_url'));
145  if ($shopping_url != '') {
146  $data .= 'shopping_url='.$shopping_url."\n";
147  }
148  }
149 
150  $data .= 'business='.$paypal_business_account->attr('account_id')."\n";
151  $data .= 'cert_id='.$paypal_business_account->attr('public_cert_id')."\n";
152 
153  if ($this->attr('button_type') != '_view_cart') {
154  $item_name = $this->attr('item_name');
155  //Replace keywords for item name
156  replace_global_keywords($item_name);
157  $data .= 'item_name='.$item_name."\n";
158 
159  if ($this->attr('item_id') != '') {
160  $data .= 'item_number='.$this->attr('item_id')."\n";
161  }
162 
163  $price = trim($this->attr('price'));
164  if ($price != '') {
165  //Replace keywords for price
166  replace_global_keywords($price);
167  $data .= 'amount='.$price."\n";
168  }
169 
170  $data .= 'currency_code='.$this->attr('currency')."\n";
171 
172  if (($this->attr('button_type') == '_xclick') && $this->attr('undefined_quantity')) {
173  $data .= 'undefined_quantity=1'."\n";
174  }
175 
176  $data .= 'charset='.SQ_CONF_DEFAULT_CHARACTER_SET."\n";
177 
178  //Replace keyword and encode custom variable
179  $custom = $this->attr('custom_var');
180  if ($custom != '') {
181  replace_global_keywords($custom);
182  $custom = urlencode($custom);
183  }
184 
185  //Add this button id to custom variable so that IPN receiver asset will know which button triggered the payment
186  $custom_var = $this->id.self::$CUSTOM_PARAM_SPLIT_STR.$custom;
187 
188  //Get the query string of Notify URL
189  $notify_url_query = parse_url($this->attr('notify_url'), PHP_URL_QUERY);
190  if (is_null($notify_url_query)) {
191  $notify_url_query = '';
192  }
193 
194  //Hash the custom variable string and notify URL's query with our secret string to prevent malicious changes to
195  //the custom parameter and notify URL in Replay attack.
196  //Actually, the notify URL query should not be checked or used here but we might sometimes want to use the trigger
197  //condition URL matches to trigger an action and we do not want the query string to be changed.
198  $custom_hash = md5($paypal_config->attr('custom_param_secret_str').$custom_var.$paypal_config->attr('custom_param_secret_str').$notify_url_query);
199 
200  $data .= 'custom='.$custom_hash.self::$CUSTOM_PARAM_SPLIT_STR.$custom_var."\n";
201 
202  if ($this->attr('notify_url') != '') {
203  $data .= 'notify_url='.$this->attr('notify_url')."\n";
204  }
205 
206  if ($this->attr('return_url') != '') {
207  $data .= 'return='.$this->attr('return_url')."\n";
208  }
209 
210  if ($this->attr('cancel_return_url') != '') {
211  $data .= 'cancel_return='.$this->attr('cancel_return_url')."\n";
212  }
213  }
214 
215  $data .= $this->attr('extra_vars');
216 
217  return $data;
218 
219  }//end _concatButtonData()
220 
221 
222 }//end class
223 
224 ?>